Security News

BlackBerry on Monday announced a new open source tool to help security teams reverse engineer malware. Called PE Tree, BlackBerry said the free tool was initially developed for internal use, but the company has now released it as an additional tool for reverse engineers to have in their arsenal.

The newly formed Open Source Security Foundation includes titans in technology such as Google, Intel, Microsoft, IBM, and more. Today, the creation of the Open Source Security Foundation.

The OpenSSF is a consolidation of several pre-existing efforts in the same space and intends bring the Open Source Security Coalition and the Core Infrastructure Initiative under one roof. The CII is an existing Linux Foundation project that has wide support, including from AWS, Facebook, Huawei, Cisco, Intel, Qualcomm, and VMware, as well as most of the OpenSSF founder members mentioned above.

The Linux Foundation announced the formation of the Open Source Security Foundation, a cross-industry collaboration that brings together leaders to improve the security of open source software by building a broader community with targeted initiatives and best practices. It combines efforts from the Core Infrastructure Initiative, GitHub's Open Source Security Coalition and other open source security work from founding governing board members GitHub, Google, IBM, JPMorgan Chase, Microsoft, NCC Group, OWASP Foundation and Red Hat, among others.

TEAMARES launched DeimosC2, addressing the market need for a cross-compatible, open source Command and Control tool for managing compromised machines that includes mobile support. Offensive security teams often need access to a cost-effective, easy-to-use tool that can manage compromised machines after an exploitation.

Onapsis on Wednesday announced the release of an open source tool that helps organizations determine if their SAP systems are vulnerable to RECON attacks and checks if they may have already been targeted. RECON is the name assigned to a recently disclosed vulnerability - officially tracked as CVE-2020-6287 - that researchers at Onapsis identified in a component used by many SAP products.

MariaDB announced the general availability of MariaDB Platform X5, a comprehensive open source database solution delivering the ultimate in versatility across workloads and scalability from a single database or data warehouse to millions of transactions per second. "MariaDB Platform X5 is the culmination of years of deep engineering work to bring together best-of-breed technologies in a meaningful way," said Michael Howard, CEO, MariaDB Corporation.

Commentary: Cyral has been on a roll with two open source projects designed to make security a natural part of the development workflow. By open sourcing Approzium, Cyral makes it easier for developers to trust the project precisely because they don't really have to trust it-they can see the code.

That's the reason why companies should constantly test their environments against TTPs. The baseline profiling of your core network components, OS, devices and apps, adversary simulations, achieving full visibility and analytics across many different network data sources, correlation, and understanding of how each component affects the other one seems like a good approach for dealing with cybersecurity risks. What's your take on using open source tools within an enterprise security architecture?

Industrial cybersecurity firm Claroty this week announced the availability of AccessDB Parser, an open source tool that allows researchers to analyze Microsoft Access database files associated with SCADA applications. AccessDB Parser was initially developed to improve the scanning capabilities of Claroty Continuous Threat Detection's Application DB, which is designed to provide a non-intrusive way to identify and manage assets in OT networks by parsing configuration files and other artifacts associated with industrial control systems.